A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version…
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as “another banner year for threat actors targeting the exploitation of vulnerabilities,” VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be…
U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker. The vast array of sites in question peddled…
With the release of Drupal 11.1, there’s a cool new feature for developers: Hooks can now be implemented as class methods using PHP attributes instead of functions. This change is a major step forward in modernizing Drupal’s codebase. While procedural function-based hooks are still supported (and will be for some time), developers writing new code…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two…
There are tons of tools promising that they can tell AI content from human content, but until recently, I thought they didn’t work. AI-generated content isn’t as simple to spot as old-fashioned “spun” or plagiarised content. Most AI-generated text could be considered original, in some sense—it isn’t copy-pasted from somewhere else on the internet. But…
In October 2024, we organized a sold-out, 500-person conference called Ahrefs Evolve in Singapore. We’ve already covered how we planned the event from start to finish and how we promoted the event. This time round, it’s about how our events can be better next time. Like any good event organizer, we sent out post-event surveys to…
AI can write, but let’s be honest; it can also sound (dare I say) robotic. Without a clear process, AI-generated content can feel generic, miss SEO opportunities, or just not sound like you. The trick? Use AI as a tool, not a shortcut. This AI content creation process helps you: Get AI to generate usable content…
A backlink gap analysis is the process of finding great links your competitors have that you don’t. It involves evaluating your competitors’ quality of backlinks and deciding if similar links could also improve your site’s SEO. This process helps you: Find quality links quickly Improve your domain’s authority Close gaps against competitors In this guide, you’ll…
An SEO topical map is the roadmap for your website’s content strategy. Its core function is to organize your website’s content in a clear hierarchy of topics and sub-topics. It helps you: Make it easier for users to navigate your website Signal to search engines that your content comprehensively covers a topic Become an authority in a…
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. “Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities,” Google Threat…
The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. “Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API,” SecurityScorecard’s…
